Code source de eGroupWare 1.2.106-2 |
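<?php
/***************************************************************************\
* eGroupWare - SambaAdmin                                                   *
* http://www.egroupware.org                                                 *
* Written by : Lars Kneschke [lkneschke@linux-at-work.de]                   *
* -------------------------------------------------                         *
* This program is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU General Public License as published by the     *
* Free Software Foundation; version 2 of the License.                       *
\***************************************************************************/
/* $Id: class.sosambaadmin.inc.php 20257 2006-01-17 12:16:38Z lkneschke $ */

/**
 * Storage layer of the SambaAdmin application.
 *
 * Reads and writes the Samba attributes of users, groups and workstation
 * accounts through the LDAP connection handed out by
 * $GLOBALS['egw']->common->ldapConnect().
 *
 * Every value that reaches an LDAP search filter or a DN goes through
 * _escapeFilterValue() / _escapeDNValue(), so that caller-supplied text
 * cannot change the structure of the filter or of the DN.
 *
 * The code deliberately stays within the PHP 4 / PHP 5 syntax the rest of
 * the file uses (no visibility keywords, array() literals).
 */
class sosambaadmin
{
    /**
     * Load the sambaadmin configuration (domain SID, computer OU, computer
     * group) and the charset of the current translation.
     *
     * This is a PHP 4-style constructor (method named after the class);
     * PHP 8 no longer runs such a method when the class is instantiated.
     */
    function sosambaadmin()
    {
        $config =& CreateObject('phpgwapi.config','sambaadmin');
        $config->read_repository();

        $this->sid           = $config->config_data['sambasid'];
        $this->computerou    = $config->config_data['samba_computerou'];
        $this->computergroup = $config->config_data['samba_computergroup'];
        $this->charSet       = $GLOBALS['egw']->translation->charset();

        unset($config);
    }

    /**
     * Escape a value for use inside an LDAP search filter.
     *
     * Replaces the characters that carry meaning in a filter (backslash,
     * asterisk, parentheses, NUL) by their \XX hexadecimal form.
     * strtr() with an array works in a single pass, so the backslashes it
     * inserts are not escaped a second time.
     *
     * @param mixed $_value raw value, cast to string
     * @return string value that is safe to place after "attribute=" in a filter
     */
    function _escapeFilterValue($_value)
    {
        return strtr((string)$_value, array(
            '\\' => '\\5c',
            '*'  => '\\2a',
            '('  => '\\28',
            ')'  => '\\29',
            "\0" => '\\00',
        ));
    }

    /**
     * Escape a value for use as an attribute value inside a DN.
     *
     * @param mixed $_value raw value, cast to string
     * @return string value that is safe to place after "attribute=" in a DN
     */
    function _escapeDNValue($_value)
    {
        $value = strtr((string)$_value, array(
            '\\' => '\\\\',
            ','  => '\\,',
            '+'  => '\\+',
            '"'  => '\\"',
            '<'  => '\\<',
            '>'  => '\\>',
            ';'  => '\\;',
            '='  => '\\=',
            "\0" => '\\00',
        ));

        if($value === '')
        {
            return $value;
        }

        // a trailing space is handled first: any backslash of the input is
        // already doubled, so the last space is never escaped at this point
        if(substr($value,-1) === ' ')
        {
            $value = substr($value,0,-1).'\\ ';
        }

        // a leading space or '#' has to be escaped as well
        $first = substr($value,0,1);
        if($first === ' ' || $first === '#')
        {
            $value = '\\'.$value;
        }

        return $value;
    }

    /**
     * Run a search and return its first entry.
     *
     * @param resource $_ldap   connection returned by ldapConnect()
     * @param string   $_baseDN search base
     * @param string   $_filter complete, already escaped search filter
     * @return array|false first entry as returned by ldap_get_entries(),
     *                     false when the search fails or matches nothing
     */
    function _firstEntry($_ldap, $_baseDN, $_filter)
    {
        $sri = @ldap_search($_ldap,$_baseDN,$_filter);
        if(!$sri)
        {
            return false;
        }

        $entries = ldap_get_entries($_ldap,$sri);
        if(!is_array($entries) || empty($entries['count']))
        {
            return false;
        }

        return $entries[0];
    }

    /**
     * Return the first value of an attribute of an entry, or a default.
     *
     * @param array  $_entry     entry as returned by ldap_get_entries()
     * @param string $_attribute attribute name in lower case
     * @param mixed  $_default   value to use when the attribute is absent
     * @return mixed
     */
    function _entryValue($_entry, $_attribute, $_default)
    {
        return isset($_entry[$_attribute][0]) ? $_entry[$_attribute][0] : $_default;
    }

    /**
     * Set the Samba password hashes of an account.
     *
     * NOTE(review): sambaLMPassword holds the legacy LM hash, which is weak
     * by design; consider dropping the attribute when no client still needs
     * it. Both hash attributes are password-equivalent for SMB
     * authentication, so read access to them should be restricted by
     * directory ACLs.
     *
     * @param mixed  $_accountID   uidNumber of the account
     * @param string $_newPassword clear text password; an empty value is rejected
     * @return boolean true when the entry was updated, false otherwise
     */
    function changePassword($_accountID, $_newPassword)
    {
        // nothing is written without a password, so do not touch LDAP at all
        if(!$_newPassword)
        {
            return false;
        }

        $smbHash = &CreateObject('phpgwapi.smbhash');
        $ldap    = $GLOBALS['egw']->common->ldapConnect();
        $filter  = '(&(uidnumber='.$this->_escapeFilterValue($_accountID).')(objectclass=sambasamaccount))';

        $entry = $this->_firstEntry($ldap,$GLOBALS['egw_info']['server']['ldap_context'],$filter);
        if(!$entry)
        {
            return false;
        }

        $now = time();
        $newData = array(
            'sambaLMPassword'    => $smbHash->lmhash($_newPassword),
            'sambaNTPassword'    => $smbHash->nthash($_newPassword),
            'sambaPwdLastSet'    => $now,
            'sambaPwdCanChange'  => $now,
            'sambaPwdMustChange' => '2147483647',
        );

        if(@ldap_mod_replace($ldap,$entry['dn'],$newData))
        {
            return true;
        }

        return false;
    }

    /**
     * Make sure the predefined Samba groups exist below the group context.
     *
     * For every group of the table below that has no posixGroup entry with
     * the matching gidNumber, a new entry is added.
     *
     * @return boolean false as soon as a search or an add fails, true otherwise
     *                 (the success case used to fall off the end without a value)
     */
    function checkLDAPSetup()
    {
        // the 'Domain Guests' row was listed twice; the duplicate key had no effect
        $sambaGroups = array
        (
            'Domain Admins' => array
            (
                'gidNumber'      => 512,
                'description'    => 'Netbios Domain Administrators',
                'sambaGroupType' => 2
            ),
            'Domain Users' => array
            (
                'gidNumber'      => 513,
                'description'    => 'Netbios Domain Users',
                'sambaGroupType' => 2
            ),
            'Domain Guests' => array
            (
                'gidNumber'      => 514,
                'description'    => 'Netbios Domain Guests Users',
                'sambaGroupType' => 2
            ),
            'Administrators' => array
            (
                'gidNumber'      => 544,
                'description'    => 'Netbios Domain Members can fully administer the computer/sambaDomainName',
                'sambaGroupType' => 2
            ),
            'Users' => array
            (
                'gidNumber'      => 545,
                'description'    => 'Netbios Domain Ordinary users',
                'sambaGroupType' => 2
            ),
            'Guests' => array
            (
                'gidNumber'      => 546,
                'description'    => 'Netbios Domain Users granted guest access to the computer/sambaDomainName',
                'sambaGroupType' => 2
            ),
            'Power Users' => array
            (
                'gidNumber'      => 547,
                'description'    => 'Netbios Domain Members can share directories and printers',
                'sambaGroupType' => 2
            ),
            'Account Operators' => array
            (
                'gidNumber'      => 548,
                'description'    => 'Netbios Domain Users to manipulate users accounts',
                'sambaGroupType' => 2
            ),
            'Server Operators' => array
            (
                'gidNumber'      => 549,
                'description'    => 'Netbios Domain Server Operators',
                'sambaGroupType' => 2
            ),
            'Print Operators' => array
            (
                'gidNumber'      => 550,
                'description'    => 'Netbios Domain Print Operators',
                'sambaGroupType' => 2
            ),
            'Backup Operators' => array
            (
                'gidNumber'      => 551,
                'description'    => 'Netbios Domain Members can bypass file security to back up files',
                'sambaGroupType' => 2
            ),
            'Replicator' => array
            (
                'gidNumber'      => 552,
                'description'    => 'Netbios Domain Supports file replication in a sambaDomainName',
                'sambaGroupType' => 2
            ),
            'Domain Computers' => array
            (
                'gidNumber'      => 553,
                'description'    => 'Netbios Domain Computers accounts',
                'sambaGroupType' => 2
            ),
        );

        $ldap = $GLOBALS['egw']->common->ldapConnect();
        $dn   = $GLOBALS['egw_info']['server']['ldap_group_context'];

        foreach($sambaGroups as $groupName => $groupData)
        {
            $filter = '(&(gidnumber='.$groupData['gidNumber'].')(objectclass=posixgroup))';

            $sri = @ldap_search($ldap,$dn,$filter);
            if(!$sri)
            {
                return false;
            }

            $allValues = ldap_get_entries($ldap,$sri);
            if($allValues['count'] != 0)
            {
                // a group with this gidNumber exists already
                continue;
            }

            $newData = array(
                'objectClass'         => array('posixGroup','sambaGroupMapping','phpgwAccount'),
                'gidNumber'           => $groupData['gidNumber'],
                'cn'                  => $groupName,
                'description'         => $groupData['description'],
                'sambaSID'            => $this->sid.'-'.$groupData['gidNumber'],
                'sambaGroupType'      => $groupData['sambaGroupType'],
                'displayName'         => $groupName,
                'phpgwAccountExpires' => -1,
                'phpgwAccountType'    => 'g',
            );

            // $groupName comes from the fixed table above, so it needs no DN escaping
            if(!@ldap_add($ldap,'cn='.$groupName.','.$dn,$newData))
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Delete workstation accounts.
     *
     * @param array $_workstations array whose KEYS are the uidNumbers to delete
     * @return boolean false when $_workstations is not an array, true otherwise
     *                 (the result of the individual deletes is not reported)
     */
    function deleteWorkstation($_workstations)
    {
        if(!is_array($_workstations))
        {
            return false;
        }

        $dn   = $this->computerou;
        $ldap = $GLOBALS['egw']->common->ldapConnect();

        foreach($_workstations as $key => $value)
        {
            $filter = '(&(uidnumber='.$this->_escapeFilterValue($key).')(objectclass=sambasamaccount))';

            // only call ldap_delete() when the search really found an entry
            $entry = $this->_firstEntry($ldap,$dn,$filter);
            if($entry)
            {
                ldap_delete($ldap,$entry['dn']);
            }
        }

        return true;
    }

    /**
     * Mark the Samba password of an account as expired.
     *
     * @param mixed $_accountID uidNumber of the account
     * @return boolean true when the entry was updated, false otherwise
     */
    function expirePassword($_accountID)
    {
        $ldap   = $GLOBALS['egw']->common->ldapConnect();
        $filter = '(&(uidnumber='.$this->_escapeFilterValue($_accountID).')(objectclass=sambasamaccount))';

        // this lookup read the search base from $GLOBALS['phpgw_info'] while
        // every other method of the class uses $GLOBALS['egw_info']
        $entry = $this->_firstEntry($ldap,$GLOBALS['egw_info']['server']['ldap_context'],$filter);
        if(!$entry)
        {
            return false;
        }

        $newData = array(
            'sambaPwdLastSet'    => time(),
            'sambaPwdCanChange'  => '1',
            'sambaPwdMustChange' => '1',
        );

        if(@ldap_mod_replace($ldap,$entry['dn'],$newData))
        {
            return true;
        }

        return false;
    }

    /**
     * Find a uidNumber that is used neither below the computer OU nor
     * below the account context.
     *
     * Starts at last_id('accounts') and advances with next_id('accounts').
     * As before, next_id() is called once more after a free id was found.
     *
     * @return int|false free uidNumber, false on an LDAP error
     */
    function findNextUID()
    {
        // one connection is enough for all iterations
        $ldap = $GLOBALS['egw']->common->ldapConnect();

        // "maybe the same dn": both bases are searched in this order
        $searchBases = array(
            $this->computerou,
            $GLOBALS['egw_info']['server']['ldap_context'],
        );

        $nextUID = 0;
        $tmpUID  = (int)$GLOBALS['egw']->common->last_id('accounts');
        do
        {
            $filter = '(&(uidnumber='.$tmpUID.')(objectclass=posixaccount))';
            $inUse  = false;

            foreach($searchBases as $baseDN)
            {
                // check the search result before reading entries from it
                $sri = @ldap_search($ldap,$baseDN,$filter);
                if(!$sri)
                {
                    // ldap error
                    return false;
                }

                $allValues = ldap_get_entries($ldap,$sri);
                if(!empty($allValues['count']))
                {
                    $inUse = true;
                    break;
                }
            }

            if(!$inUse)
            {
                $nextUID = $tmpUID;
            }

            $tmpUID = (int)$GLOBALS['egw']->common->next_id('accounts');
        } while ($nextUID == 0);

        return $nextUID;
    }

    /**
     * Read the Samba related attributes of an account.
     *
     * NOTE(review): the search base is 'ldap_contact_context' while the
     * other account lookups of this class use 'ldap_context' - confirm
     * that this is intended.
     *
     * @param mixed $_accountID uidNumber of the account
     * @return array|false array with the keys displayname, sambahomedrive,
     *                     sambahomepath, sambalogonscript, sambaprofilepath
     *                     and uid, false when nothing was found
     */
    function getUserData($_accountID)
    {
        $dn     = $GLOBALS['egw_info']['server']['ldap_contact_context'];
        $ldap   = $GLOBALS['egw']->common->ldapConnect();
        $filter = '(&(uidnumber='.$this->_escapeFilterValue($_accountID).')(objectclass=sambaSamAccount))';

        $entry = $this->_firstEntry($ldap,$dn,$filter);
        if(!$entry)
        {
            return false;
        }

        $userData = array();
        $converted = array('displayname','sambahomedrive','sambahomepath','sambalogonscript','sambaprofilepath');
        foreach($converted as $attribute)
        {
            $userData[$attribute] = $GLOBALS['egw']->translation->convert
            (
                $this->_entryValue($entry,$attribute,null),
                'utf-8'
            );
        }
        $userData['uid'] = $this->_entryValue($entry,'uid',null);

        return $userData;
    }

    /**
     * Read name, id and description of a workstation account.
     *
     * @param mixed $_uidNumber uidNumber of the workstation
     * @return array|false array with the keys workstationName, workstationID
     *                     and description (null where the attribute is
     *                     missing), false when no computer OU is configured
     *                     or the search fails
     */
    function getWorkstationData($_uidNumber)
    {
        if(empty($this->computerou))
        {
            return false;
        }

        $dn     = $this->computerou;
        $ldap   = $GLOBALS['egw']->common->ldapConnect();
        $filter = '(&(uidnumber='.$this->_escapeFilterValue($_uidNumber).')(objectclass=sambasamaccount))';

        $sri = @ldap_search($ldap,$dn,$filter);
        if(!$sri)
        {
            return false;
        }

        $allValues = ldap_get_entries($ldap,$sri);
        $entry = isset($allValues[0]) ? $allValues[0] : array();

        return array(
            'workstationName' => $this->_entryValue($entry,'uid',null),
            'workstationID'   => $this->_entryValue($entry,'uidnumber',null),
            'description'     => $this->_entryValue($entry,'description',null),
        );
    }

    /**
     * List workstation accounts (uid ending in '$') below the computer OU.
     *
     * @param int    $_start        offset of the first row to return
     * @param string $_sort         'DESC' reverses the result
     * @param string $_order        attribute to sort by; 'workstation_name' means uid
     * @param string $_searchString optional text matched as substring of uid
     *                              or description; it is escaped, so '*' and
     *                              parentheses are matched literally
     * @return array|false array('workstations' => page of entries,
     *                     'total' => number of matches), false when no
     *                     computer OU is configured or the search fails
     */
    function getWorkstationList($_start, $_sort, $_order, $_searchString)
    {
        if(empty($this->computerou))
        {
            return false;
        }

        $dn   = $this->computerou;
        $ldap = $GLOBALS['egw']->common->ldapConnect();

        if(!empty($_searchString))
        {
            $needle = $this->_escapeFilterValue($_searchString);
            $filter = '(&(|(uid=*'.$needle.'*$)(description=*'.$needle.'*))(objectclass=sambasamaccount))';
        }
        else
        {
            $filter = '(&(uid=*$)(objectclass=sambasamaccount))';
        }

        $sri = @ldap_search($ldap,$dn,$filter);
        if(!$sri)
        {
            return false;
        }

        // ldap_sort() appeared with PHP 4.2.0 and was removed again in PHP 8.0;
        // asking for the function covers both ends
        if(function_exists('ldap_sort'))
        {
            $order = ($_order == 'workstation_name') ? 'uid' : $_order;
            ldap_sort($ldap,$sri,$order);
        }

        $allValues = ldap_get_entries($ldap,$sri);
        if(!is_array($allValues))
        {
            return false;
        }
        unset($allValues['count']);

        if($_sort == 'DESC')
        {
            $allValues = array_reverse($allValues);
        }

        $pageSize = (int)$GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs'];

        $wsList = array();
        $wsList['workstations'] = array_slice($allValues,(int)$_start,$pageSize);
        $wsList['total']        = count($allValues);

        return $wsList;
    }

    /**
     * Look up the sambaSID of a user or, failing that, of a group.
     *
     * @param string $_name cn of the user or group
     * @return string|false the SID, false when none was found or a search failed
     */
    function name2sid($_name)
    {
        $ldap = $GLOBALS['egw']->common->ldapConnect();
        $name = $this->_escapeFilterValue($_name);

        // users first, then group mappings
        $lookups = array(
            array($GLOBALS['egw_info']['server']['ldap_context'],       'sambasamaccount'),
            array($GLOBALS['egw_info']['server']['ldap_group_context'], 'sambagroupmapping'),
        );

        foreach($lookups as $lookup)
        {
            $filter = '(&(cn='.$name.')(objectclass='.$lookup[1].'))';

            $sri = @ldap_search($ldap,$lookup[0],$filter);
            if(!$sri)
            {
                return false;
            }

            $allValues = ldap_get_entries($ldap,$sri);
            if(!empty($allValues[0]['sambasid'][0]))
            {
                return $allValues[0]['sambasid'][0];
            }
        }

        return false;
    }

    /**
     * Write the Samba attributes of an account, adding the sambaSamAccount
     * objectclass when the entry does not carry it yet.
     *
     * @param mixed $_accountID   uidNumber of the account
     * @param array $_accountData form data; read keys are status, password,
     *                            sambahomepath, sambahomedrive,
     *                            sambalogonscript, sambaprofilepath,
     *                            sambapwdmustchange and sambapwdcanchange
     * @return boolean true on success; when a password is given, the result
     *                 of changePassword()
     */
    function saveUserData($_accountID, $_accountData)
    {
        $ldap   = $GLOBALS['egw']->common->ldapConnect();
        $filter = '(&(uidnumber='.$this->_escapeFilterValue($_accountID).')(objectclass=posixaccount))';

        $entry = $this->_firstEntry($ldap,$GLOBALS['egw_info']['server']['ldap_context'],$filter);
        if(!$entry)
        {
            return false;
        }

        $accountDN   = $entry['dn'];
        $uidnumber   = $this->_entryValue($entry,'uidnumber',0);
        $objectClass = $entry['objectclass'];
        unset($objectClass['count']);

        // objectclass names are case-insensitive, so compare them that way
        $isSambaAccount = false;
        foreach($objectClass as $className)
        {
            if(strtolower($className) == 'sambasamaccount')
            {
                $isSambaAccount = true;
                break;
            }
        }
        if(!$isSambaAccount)
        {
            $objectClass[] = 'sambaSamAccount';
        }
        $objectClass = array_unique($objectClass);
        sort($objectClass,SORT_STRING);

        // Keep what the entry already has and only fall back to a default.
        // ldap_get_entries() returns attribute names in lower case; the
        // previous lookups for 'sambapwdlogontime', 'sambapwdlogofftime' and
        // 'sambapwdkickofftime' never matched, so every save overwrote
        // sambaLogonTime, sambaLogoffTime and sambaKickoffTime with the default.
        $newData = array(
            'objectclass'        => $objectClass,
            'sambapwdlastset'    => $this->_entryValue($entry,'sambapwdlastset',0),
            'sambalogontime'     => $this->_entryValue($entry,'sambalogontime',2147483647),
            'sambalogofftime'    => $this->_entryValue($entry,'sambalogofftime',2147483647),
            'sambakickofftime'   => $this->_entryValue($entry,'sambakickofftime',2147483647),
            'sambapwdcanchange'  => $this->_entryValue($entry,'sambapwdcanchange',0),
            'sambapwdmustchange' => $this->_entryValue($entry,'sambapwdmustchange',2147483647),
            'sambasid'           => $this->_entryValue($entry,'sambasid',$this->sid.'-'.(2 * $uidnumber + 1000)),
        );

        // NOTE(review): the listing this file was recovered from collapses
        // runs of blanks; verify the padding of this flag string against the
        // upstream file before relying on it.
        $isDeactivated = isset($_accountData['status']) && $_accountData['status'] == 'deactivated';
        $newData['sambaacctflags'] = '[U'.($isDeactivated ? 'D' : ' ').' ]';

        $newData['displayname'] = $this->_entryValue($entry,'cn',null);

        $formFields = array('sambahomepath','sambahomedrive','sambalogonscript','sambaprofilepath','sambapwdmustchange','sambapwdcanchange');
        foreach($formFields as $fieldName)
        {
            if(!isset($_accountData[$fieldName]))
            {
                continue;
            }

            if(!empty($_accountData[$fieldName]))
            {
                $newData[$fieldName] = $GLOBALS['egw']->translation->convert
                (
                    $_accountData[$fieldName],
                    $this->charSet,
                    'utf-8'
                );
            }
            else
            {
                // an empty array removes the attribute
                $newData[$fieldName] = array();
            }
        }

        if(!@ldap_mod_replace($ldap,$accountDN,$newData))
        {
            return false;
        }

        if(isset($_accountData['password']))
        {
            return $this->changePassword($_accountID,$_accountData['password']);
        }

        return true;
    }

    /**
     * Turn a posixGroup into a Samba group mapping when it has no sambaSID yet.
     *
     * @param mixed $_groupID gidNumber of the group; the sign is ignored
     * @return boolean true when the mapping was written; false for an id of
     *                 0, an unknown group, a group that already has a
     *                 sambaSID, or a failed update
     */
    function updateGroup($_groupID)
    {
        if(!$groupID = abs((int)$_groupID)) return false;

        $ldap   = $GLOBALS['egw']->common->ldapConnect();
        $filter = '(&(gidnumber='.$groupID.')(objectclass=posixgroup))';

        $entry = $this->_firstEntry($ldap,$GLOBALS['egw_info']['server']['ldap_group_context'],$filter);
        if(!$entry || !empty($entry['sambasid'][0]))
        {
            return false;
        }

        $objectClass = $entry['objectclass'];
        unset($objectClass['count']);
        $objectClass[] = 'sambaGroupMapping';
        $objectClass = array_unique($objectClass);
        sort($objectClass,SORT_STRING);

        $newData = array(
            'objectclass'    => $objectClass,
            'sambasid'       => $this->sid.'-'.($groupID*2 + 1001),
            'sambagrouptype' => 2,
            'displayname'    => $this->_entryValue($entry,'cn',null),
        );

        if(@ldap_mod_replace($ldap,$entry['dn'],$newData))
        {
            return true;
        }

        return false;
    }

    /**
     * Create a workstation account or update the description of an existing one.
     *
     * @param array $_newData keys: workstationID ('new' or a positive
     *                        number), workstationName, description
     * @return mixed the uidNumber of the created account, the given
     *               workstationID after an update, false on any error
     */
    function updateWorkstation($_newData)
    {
        // the key used to be written as a bare word (workstationID), which
        // PHP 8 rejects as an undefined constant
        $workstationID = isset($_newData['workstationID']) ? $_newData['workstationID'] : null;

        // add a new workstation; strict comparison, because 0 == 'new' is
        // true on older PHP versions
        if($workstationID === 'new')
        {
            $newData = array();

            if(!$newData['uidNumber'] = $this->findNextUID())
                return false;

            if(!$groupID = $GLOBALS['egw']->accounts->name2id($this->computergroup))
                return false;

            if(!$groupSID = $this->name2sid($this->computergroup))
                return false;

            if(empty($_newData['description']))
            {
                $_newData['description'] = lang('workstation account for').' '.$_newData['workstationName'];
            }

            // machine account names end in '$'
            if(substr($_newData['workstationName'],-1) != '$')
            {
                $_newData['workstationName'] .= '$';
            }

            $workstationName = $GLOBALS['egw']->translation->convert($_newData['workstationName'],'utf-8');

            $newData['objectClass']          = array('top','posixaccount','sambasamaccount','person');
            $newData['uid']                  = $workstationName;
            $newData['description']          = $GLOBALS['egw']->translation->convert($_newData['description'],'utf-8');
            $newData['displayName']          = $workstationName;
            $newData['cn']                   = $workstationName;
            $newData['sn']                   = $workstationName;
            $newData['homeDirectory']        = '/dev/null';
            $newData['loginShell']           = '/bin/false';
            // NOTE(review): blanks inside this literal may have been collapsed
            // by the listing this file was recovered from; verify the padding
            // against the upstream file.
            $newData['sambaacctflags']       = '[W ]';
            $newData['gidNumber']            = $groupID;
            $newData['sambasid']             = $this->sid.'-'.($newData['uidNumber']*2 + 1000);
            $newData['sambaprimarygroupsid'] = $groupSID;

            $ldap = $GLOBALS['egw']->common->ldapConnect();
            // the name is caller supplied, so escape it before it becomes part of the DN
            $dn = 'uid='.$this->_escapeDNValue($_newData['workstationName']).','.$this->computerou;

            if(ldap_add($ldap,$dn,$newData))
            {
                return $newData['uidNumber'];
            }

            return false;
        }

        // update an existing workstation
        if(is_numeric($workstationID) && $workstationID > 0)
        {
            $newData = array('description' => $_newData['description']);

            $ldap   = $GLOBALS['egw']->common->ldapConnect();
            $filter = '(&(uidnumber='.$this->_escapeFilterValue($workstationID).')(objectclass=sambasamaccount))';

            // only modify when the workstation entry really exists
            $entry = $this->_firstEntry($ldap,$this->computerou,$filter);
            if($entry)
            {
                ldap_mod_replace($ldap,$entry['dn'],$newData);
            }

            return $workstationID;
        }

        // something went wrong
        return false;
    }
}
?>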